<?php
define('NEED_CHECK_LOGIN',false);
include('common.php');

if ($_GET['action'] == 'logout')
{
	unset($_SESSION['user']);
	exit_ok();
}
else
{
	$username = $_POST['username'];
	$password = end_encode($_POST['password']);
	$users = require 'data/users.php';
	if ($username && $users[$username])
	{
		if ($users[$username]['password'] == $password)
		{
			$_SESSION['user'] = $users[$username];
			exit_ok();
		}
		else
		{
			exit_error('wrong password');
		}
	}
	else
	{
		exit_error('wrong username');
	}
}